World IPv6 Launch Day Underway
Posted by Unknown Lamer
from the it's-finally-1999 dept.
A number of readers have written in with stories related to today's permanent rollout of IPv6 by several major organizations. From the looks of it, for the 1% or so of end users with IPv6 support, everything is going smoothly. For those not so lucky to have IPv6 already, an anonymous reader writes with (mostly) good news: 60% of ISPs intend to enable IPv6 by the end of 2012. For business users, darthcamaro provides some words of caution: "...the Chief Security Officer of VeriSign doesn't think IPv6 should be turned on by a whole lot of people. The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed.
'If you don't have that visibility into IPv6, you should probably consider explicitly disabling IPv6 on your systems until you can take a very concerted approach to enabling IPv6 in a secure manner,' McPherson said."
so what is ipv6 good for? (Score:2, Interesting)
Other than having every single device have a unique public IP that is a wet dream for Google and other marketers?
Re:so what is ipv6 good for? (Score:5, Interesting)
Peer to peer (the way connections were intended) actually works without strange workarounds.
Re:so what is ipv6 good for? (Score:5, Interesting)
Oh, and while every IP belongs to only one device, there's nothing saying every device should have only one IP.
You and the grandparent are missing the obvious outcome.
For the most part, home users are going to end up with /64s. Some ISPs might be generous and hand out something bigger, but I suspect most will decide not to do so in the end.
Does that mean you can put 1, 50, 100, 1000, 10000 addresses on a device? Sure, but the network portion of the addresses will be the same. That network address is going to uniquely identify your household just like your full IPv4 address does today. Marketers will just assume that each /64 subnet is unique to a user or household, just like they assume one IPv4 address is an entire household behind NAT.
It changes little to nothing with regard to trackability.
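The /64 bucketing this comment describes, as an added illustration that is not part of the original post: it takes a few constructed web-server log lines (addresses from the 2001:db8::/32 and 203.0.113.0/24 documentation ranges, hypothetical requests) and keys each request on the delegated /64, so that rotating interface IDs inside one household collapse onto one key, exactly as one NATed IPv4 address does today.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: source address followed by the request.
# Four of the IPv6 requests come from one household whose hosts rotate
# their interface IDs (privacy-extension style); the /64 never changes.
# The two IPv4 requests come from one NAT gateway address.
SAMPLE_LOG = """\
2001:db8:1234:5678:a1b2:c3d4:e5f6:0001 GET /index.html
2001:db8:1234:5678:9f8e:7d6c:5b4a:3928 GET /index.html
2001:db8:1234:5678:1111:2222:3333:4444 GET /product/17
2001:db8:abcd:ef01::10 GET /index.html
2001:db8:1234:5678:dead:beef:cafe:f00d GET /cart
203.0.113.9 GET /index.html
203.0.113.9 GET /cart
"""


def household_key(addr_text):
    """Reduce a source address to the unit a marketer would key on.

    IPv6: mask to the /64 the ISP delegated; the interface ID is thrown
    away, so privacy-address rotation inside the /64 is invisible.
    IPv4: the whole address, because a NAT gateway presents one address
    for the entire household.
    """
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{addr}/64", strict=False))
    return str(addr)


def group_by_household(log_text):
    """Return {household_key: (request_count, distinct_source_addresses)}."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = line.split()[0]
        key = household_key(src)
        hits[key] += 1
        sources[key].add(src)
    return {k: (hits[k], len(sources[k])) for k in hits}


if __name__ == "__main__":
    for key, (count, distinct) in sorted(group_by_household(SAMPLE_LOG).items()):
        print(f"{key:28} requests={count} distinct_addrs={distinct}")
```

Running it shows the /64 bucket with four requests from four different addresses, which is the point: the address churn buys nothing once the observer keys on the prefix.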
Re:so what is ipv6 good for? (Score:5, Interesting)
I predict this will mostly affect stuff outside of the firewall, not inside. Most companies will probably keep their internal network on IPv4. There's no way they're going to want all of their machines with an internet addressable location.
Addressable and reachable are two different things. I'd love to lose all the NATs around here.
One globally unique identifier will be handy even though I would never dream of letting most machines ingress or egress traffic to the internet without passing through some hardened application layer proxy.
Honestly, it will make the firewalling and routing much more straightforward, easier to quickly understand the impact of changes on, and therefore far more secure.
Re:so what is ipv6 good for? (Score:4, Interesting)
You are not leaking much information of any real use.
Your routing tables beneath your gateways won't be visible to anyone outside. So they won't learn anything about your network topology.
If, as I suggested, you proxy everything (something you should do in a secure environment because you need to know everything that is going in and out), they won't see the address anyway! So they won't know whether you are using public IPs or not.
Even if you do leak that your internal addressing scheme is to use the public IPs, without knowing the topology, and with your company having at least a /48, it tells them exactly nothing about how to locate hosts. Think about it: a /48 is still many orders of magnitude larger than the entire RFC1918 space today. It's too big to SYN scan if they have pwned your gateway, whereas they can assume you are using RFC1918 addresses currently, which is not too big to SYN scan.
So even if you don't NAT, they still know LESS about your network than they do on IPv4.
Re:so what is ipv6 good for? (Score:5, Interesting)
In other words, you're swapping out one box (the NAT) for another (the ALG - application layer gateway, which existed far longer than NAT).
It's still something to admin, and something that'll be a PITA to configure for gaming and what not, at which point people will just say "what does it get me?"
Hell, assuming most people will have their IPv6 machines firewalled off (they'd go to Best Buy and pick off a Linksys "firewall router" for IPv6 to prevent their PCs from getting hacked) and they'd still be poking holes in it to run some game or other, the normal user would definitely start wondering why they bothered spending another $50 on a new router when their old one worked just fine.
And marketers would love the trackability down to the PC level - sure there's the privacy IP thing, but it's defeated if there's a long-running IP connection still established (unless IPv6 has the ability to inform remote hosts that your IP was changing... which has some very interesting implications). Even so, it's usually a day's worth of tracking and a cookie can be used to bridge between days.
Sure, malware has a more difficult time scanning a larger range, but that just means scanning won't be an option. Not that it ever will be, purely because firewalls or other things will prevent it from being useful in the first place. Instead they'll just adapt and figure out how to detect new IPs on a local LAN segment and proceed that way (or, given the Windows majority, they'll use standard Windows browser techniques to discover).
Between UPnP, ZeroConf (Bonjour) and other methods of discovery, malware will cope just fine.
Re:so what is ipv6 good for? (Score:5, Interesting)
Most companies will probably keep their internal network on IPv4.
Which is fine. My IPv6 hosts don't need to care. Of course they'll eventually need to ensure that they have a reliable v4-to-v6 bridge setup either locally or at their ISP, but that will most likely be easier to setup than changing their whole network to IPv6 would be.
There's no way they're going to want all of their machines with an internet addressable location.
They won't any more than they do now. Public facing routers/firewalls will simply be set not to pass through any incoming connections unless otherwise instructed, just like IPv4 routers do. NAT is a red herring here: before NAT was common, things worked fine much the same way as they will work under IPv6 (just with a much smaller address space) in that regard. Most big corporate networks control outgoing connections too (which an IPv4+NAT-only setup generally won't by default), so the one incoming default "block" rule is not going to be a significant amount of extra admin.
I think IPv6 does bring some usefulness, but I just don't foresee everybody changing how their internal networks operate.
Certainly some will, though not all that many in the near future. I suspect it will quickly become normal for new networks to be IPv6, and IPv4 will vanish that way rather than due to mass conversions.
It may not be the case here or where you are, but it is already getting to the point in some parts of the world that people will have to be IPv6 all the way, as their ISPs have too few IPv4 addresses to hand out to the connecting modems. Said ISPs use some form of v6-to-v4 bridging so that IPv4-only servers will be contactable, but while your website will be fine, not all protocols will work well through this arrangement. I don't know how common it is, but I know people who have been in hotels out east where the provided network connections are IPv6 only (presumably with some 6-to-4 system in place so v4-only hosts can be contacted). IPv4 may not die any time soon, but that doesn't mean IPv6 use won't grow rapidly.
The big win I see is for mobile devices like phones - it will make the job of large network providers for those devices easier.
And I can also see a huge amount of consumer type stuff taking years before it has transitioned.
Which is rather unfortunate as these devices are where one of the key IPv4 problems exist (Including phones as mentioned above).
IPv4 isn't going to go away overnight.
No, but IPv6 might grow very rapidly so you can't avoid interacting with it for long even if you stick with IPv4 internally.
Some solutions: (Score:5, Interesting)
Well, others have already mentioned some, but let's try to get a list of possible solutions to this problem listed:
* DNS, access machines by name
* For frequently accessed machines, assign "short numbers", e.g. 1234:5678::25 (where 1234:5678 is your IPv6 prefix). For a little bit of added convenience, assign your network prefix to an environment variable, and you can, e.g.
$ ping ${IP6_Prefix}::25
* Run IPv4 *internally* as well as IPv6, then you can access machines on the local network using the EXACT SAME IPv4 private network addresses you've been using for the last 20 years. IPv6 is most useful for accessing hosts on OTHER networks on the global internet, no reason you can't use IPv4 for internal networking.
* If you use IPv6 auto-config based on MAC addresses, and you have a database of MAC addresses on your network, I bet vendors will be releasing tools which allow you to automatically parse out the MAC address from an IPv6 address and show you which machine the address belongs to. That's good enough for machines you don't need to frequently look up (like individual workstations of employees). For servers, printers, etc., assign "short numbers" as described above, in blocks (e.g. routers and switches might be ::1 through ::100, printers ::200-::300, servers ::500-::600, etc.); then you just have to remember what the short numbers of frequently used devices are.
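An added example (not from the original post, and not any vendor's tool) of the MAC parse-out the last bullet anticipates, which also covers the "privacy IP thing" raised earlier in the thread: it recovers the MAC from a modified-EUI-64 interface ID, returns None for privacy-extension or hand-assigned "short number" addresses, and labels which scheme an address most likely came from. The inventory, hostnames and addresses are constructed for illustration.

```python
import ipaddress


def interface_id(addr_text):
    """Return the low 64 bits (the interface ID) of an IPv6 address as an int."""
    return int(ipaddress.IPv6Address(addr_text)) & ((1 << 64) - 1)


def mac_from_eui64(addr_text):
    """Recover the MAC address embedded in a modified-EUI-64 interface ID.

    SLAAC (RFC 4291, appendix A) splits the 48-bit MAC in two, inserts
    0xfffe between the halves and flips the universal/local bit (0x02 of
    the first octet). Returns 'aa:bb:cc:dd:ee:ff', or None when the
    0xfffe marker is absent (privacy address, DHCPv6 lease, manual address).
    """
    iid = interface_id(addr_text).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[0:3] + iid[5:8])
    octets[0] ^= 0x02  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in octets)


def classify(addr_text):
    """Label the addressing scheme an address most likely came from."""
    if mac_from_eui64(addr_text) is not None:
        return "eui64"
    if interface_id(addr_text) < 0x10000:
        return "short-number"  # e.g. the ::25 style suggested above
    return "random-or-privacy"


# Constructed inventory: hypothetical MACs mapped to hypothetical hostnames.
INVENTORY = {
    "00:11:22:33:44:55": "ws-alice",
    "52:54:00:12:34:56": "ws-bob",
}


def lookup(addr_text, inventory=INVENTORY):
    """Map an EUI-64 derived address to its inventory hostname, else None."""
    mac = mac_from_eui64(addr_text)
    return None if mac is None else inventory.get(mac)


if __name__ == "__main__":
    for a in [
        "2001:db8::211:22ff:fe33:4455",    # EUI-64 from 00:11:22:33:44:55
        "2001:db8::5054:ff:fe12:3456",     # EUI-64 from 52:54:00:12:34:56
        "2001:db8::25",                    # hand-assigned short number
        "2001:db8::1d4e:9c0a:7b21:f3e8",   # privacy-style random IID
    ]:
        print(f"{a:32} {classify(a):18} {lookup(a)}")
```

The 0xfffe check is what makes the privacy point concrete: a host using RFC 4941 temporary addresses never carries the marker, so the MAC-to-host lookup fails for it by design, and the only stable handle an outside observer keeps is the /64 prefix.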